We are thrilled to announce the launch of our new ExchangeDefender admin user interface, going live on Thursday, October 24th. Check it out:
Faster. New ExchangeDefender UI loads exponentially faster than the previous version and feels more like a desktop application than a constantly refreshing web page.
More intuitive. We’ve looked at how our clients actually use the product and we’ve made it much easier to get to the features that users utilize often. We’ve also placed the content front and center while placing all the controls on the same page, so ExchangeDefender will be a breeze to use even for someone that’s seeing it for the first time.
More mobile. No more apps, no more installations, no more add-in’s – we’ve built an application that works anywhere and exposes all the ExchangeDefender functionality on a single panel of glass.
Extensive. Our mission is to help our clients build an office that is secure first. To make that possible, the new UI is actually a framework that makes it easy for users to communicate and collaborate more securely. It also enables our partners to plug their apps into ExchangeDefender and deliver a more complete solution.
No operational change. New ExchangeDefender UI behaves and functions the same way as the old one, making it easier for those that don’t like change to seamlessly continue working in the new UI. We didn’t move your cheese. But we’ve made it much smoother and faster to access so we’re sure you’ll love saving time while you enjoy enhanced security.
Initially the user experience will not change at all – we intend to “soft launch” the new user interface and allow anyone that wants to check out the new stuff in production to do so on demand. We did not want to surprise/shock any of our users with a brand-new look and interface, not to mention without an extended production testing schedule. After about a month (tentatively scheduled for Thanksgiving) the new interface will replace the old one as the default. On Thursday, October 24th you’ll be able to check it out in production:
We’ll have a lot more on the new UI shortly.
Stay tuned for all the details, videos, documentation and so on becoming available soon!
If you’ve attended our more recent webinars, you’re aware of our wider strategy to help businesses build a more secure office. In fact, this UI framework is already in production on the next generation products we launched recently. We would urge everyone to attend our webinar on Wednesday, November 13th where we’ll showcase even more details about our aggressive road-map and all the new features that immediately enable users to communicate and work more efficiently and more securely.
ExchangeDefender UI Upgrades & New Features
Wednesday, Nov 13, Noon
It’s my pleasure to introduce you to the most significant expansion of ExchangeDefender Security services in years: ExchangeDefender Password Vault. We have designed a user-friendly product that delivers military grade encryption, provides a layered authentication model, and ties into your business process for sharing and auditing – completely free for all ExchangeDefender Pro clients.
As explained in an earlier post the task of securing a business or any other organization is getting more complex with a new variety of hack attempts as well as an increasing demand from regulatory compliance standards that touch virtually every business in the world. It is no wonder that overwhelmed workers typically use the same password, that they rarely change it, and that storage of those passwords is negligent for the sole reason that “it works” and doesn’t create additional complexity. Unfortunately, that convenience leads to security compromises.
At ExchangeDefender, our mission is to keep you secure, and we’ve taken every advantage we get with Wrkoo to bring you a password solution that not only keeps you secure but helps you work better, smarter, and more efficiently. And, yes, we’ve made it free. You can expect to pay $50/user/year for consumer level protection and well over $100/user/year for business level password management – and we’ve made it free for a very simple reason. If you get compromised and hacked because Excel/SharePoint/Word “works”, your odds of staying in business are virtually zero (and our revenues depend on you staying in business). So yes, we’re highly motivated to keep you secure.
Getting started with ExchangeDefender and Password Vault is super simple: Login to https://admin.exchangedefender.com as you usually do to manage your SPAM and click on Quick Launch > Password Vault.
From there you will be redirected to your organization’s Wrkoo portal. The first step will be to create a master password to protect the vault and encrypt the keys needed to unlock your passwords. Literally everything is encrypted, end-to-end, so you’ll want to pick something you can remember. Just don’t write it down on a post it.
Wrkoo and ExchangeDefender already provide enterprise-grade one time password / multi factor authentication but if you really want to lock things down there is a second level of authentication that can be enabled – turning either your cell phone or email address into an additional authentication device.
Congratulations, it took five (5) clicks for you to take advantage of an enterprise password management solution with military grade encryption that nobody but you can get into. Here is what it looks like live:
This is the initial release and it allows you to create new passwords and perform usual maintenance and audit steps, but we’ve made certain to start implementing business intelligence immediately. You will know when the password was created, and when it was updated. The system will also let you know when the password should expire – so you can handle password resets and updates on important sites at your own schedule and pace – not when you really need to get into your checking account or loyalty card or reservation that forces you through the dreaded password reset process.
We’re busy at work with additional business features such as sharing, team lock boxes, audits, dark web searches, and tons of other functions. But what we have available right now – for free – is so important and so powerful that I am ending this blog post right now and begging you to go get enrolled and started with Password Vault right now. Let’s go to https://admin.exchangedefender.com
We have listened to our partners and decided to redesign our invoicing system so it works better for our partners. One of the many benefits of having both Wrkoo and ExchangeDefender teams working together, (more details in our next webinar on September 10th, 2019) is that we can take great ideas from all sorts of businesses and adapt them to serve our IT partners better. Specifically, new ExchangeDefender invoices will be grouped by client:
This will give you a clear indication of how many services each client is subscribed to, what type, amount, etc. For deeper dives by your CPA, you can filter and group by service and client so you can get exactly what you’re looking for (by default everything is sorted alphabetically, by the client):
And for the full details, just tap the title:
We’ll shortly be adding the ability to move services around, adjust titles, and for even more functionality as well as branding options you will have the ability to customize literally everything in your own Wrkoo portal.
Wrkoo and ExchangeDefender teams have been rolling out new features, listening to our partners needs, and you’re going to start seeing a lot of new features that result from that one-of-a-kind collaborative effort.
The best news though – as this is just a taste of what is coming – you’ll have to tune into our webinar on September 10th at NOON EDT. Trust us, you’re going to love what we’ve got coming!
ExchangeDefender recently launched the Automatic Account Provisioning system that replaces our old ExchangeDefender XDSync. The new system automatically finds email addresses that are sending out messages and sends a welcome message to provision the account – the CIO/MSP get a report with a summary of changes and essentially automates the entire process.
For compliance purposes we’re making it super easy to keep track of this process and we’re even providing some tools to help manage accidental activation – for licensing purposes if the email address sends emails out it’s considered a billable user (only inbound aliases/distribution groups/contacts are free)
As a CIO/Service Provider
If the email address was provisioned through the automation process, you will see an icon A next to the email address in your portal. To manage the accounts you’ll have to hop down to the Domain Administrator.
As a Domain Administrator
Domain Admin control panel at https://admin.exchangedefender.com gives you more granular controls over Automatic Account Provisioning. Under the Accounts section you will find the same A icon next to the accounts that were provisioned automatically.
If these accounts were provisioned by mistake and these are not valid users, you can Block them. Blocking an account does two things: it removes the user from the block list so it doesn’t continue to get provisioned after it is deleted and it blocks messages from that user / device / service from relaying mail.
To find users that were blocked from automatic activation (in case that address becomes a regular mailbox/sender in the future) you can click on the Blocked Addresses tab:
Reporting and activity regarding accounts is still in the same place for both admin levels under the Accounts menu. Accounts that were provisioned through automation will show that they were created by ExchangeDefender Automation, and Blocked Addresses will show the name of the admin that blocked them.
What about deletions? What about turning this system off entirely?
We’re working on it – stay tuned! We’re obviously curious why anyone would want this turned off so if you have a legitimate reason (other than it makes it difficult to cheat on licensing) please let us know. If you have a legitimate use for a service/device to relay mail out, you can always configure it with a free IoT account in ExchangeDefender.
We are also currently working on automatic deletions (based on usage patterns) that will be configurable on a per-domain policy. For example, you’ll have the ability to deactivate accounts that have not sent out any email in 3 months.
As noted nearly two months ago, ExchangeDefender is starting Automated ExchangeDefender Provisioning. In the long, long ago when everyone ran their own Exchange servers, ExchangeDefender offered XDSync to automate creation of ExchangeDefender users as soon as they were added to the Active Directory.
Fast forward to 2019: Few people still run their own Active Directory and most users are now on cloud-based email services that don’t use Active Directory. This puts a burden on our CIO/MSP/IT personnel that has to manage users manually – so we solved that problem with ExchangeDefender. Here is the user experience.
Automated Provisioning – User Experience
When ExchangeDefender detects a new email address from your domain sending outbound mail, it will automatically provision the account for you. This way nobody has to deal with the account management and maintenance, nor do they have to filter and audit the list as local accounts, distribution groups, etc do not send out external emails anyhow. If they do, from the licensing standpoint, it’s treated as a user. When we detect a new user, they get this email:
The email contains branding and contact information of an MSP if the client is managed by an MSP. Otherwise, only the domain administrator and ExchangeDefender basic contact info is provided.
At this point, the user is added and configured for ExchangeDefender services according to the domain defaults the IT department configured for this domain.
Clicking on the “Complete Enrollment” button takes the user to the website to setup basic settings. This part is actually VERY cool and something our clients have been begging for – something that shows the user how to actually use the product.
The enrollment wizard is only 2 steps long and gets the essential settings that 99% of users change.
Setup your password, tell us what to do with SPAM, tell us what time you want the email report (if enabled by CIO/MSP/IT) and that’s it – user is done. We’re also working on additional customization/templating of the welcome emails which should be launching later this year.
Over the past year we’ve been introducing enterprise security measures to help protect our clients from an increasing volume of attacks. Email is the single most abused gateway for email threats – with 91% of corporate breaches starting through email – and it’s only getting worse.
If you’ve used Yahoo, MySpace, or hundreds of popular free web sites (go to https://haveibeenpwned.com/ to see how/who exposed your data) your credentials and other information is available on the web. Hackers are using these passwords and personal information to guess their way into other sites that haven’t been breached – so if you use the same or similar password (or only change the site id, or one number or letter to make it different) then you’re making it very simple for hackers to get into your account.
For the details on all the stuff we’ve got coming in September, we’d like to invite you to our webinar:
ExchangeDefender Security Upgrade
Tuesday, September 10th, 2019
In the meantime, we’re going to help our partners and clients not make things “stupid easy” for hackers – by globally resetting ExchangeDefender passwords that are older than 1 year. We’ll do this on September 1st, in a very minimally intrusive way, and for those that don’t use ExchangeDefender on the daily basis (and mainly just release SPAM from quarantines) the password change won’t affect them.
Using an OTP/2FA or VPN services or all the free features that are built into ExchangeDefender to keep you secure is obviously our preferred way but as we’ve noted – the realities of SMB concern for IT security – so we need to try something else. We really hope our partners and clients can take the time to attend the September Webinar, as we believe the stuff we’ve built will help lock down your organization and make security manageable again.
Ever since we committed to ExchangeDefender Phishing Firewall as a core feature in ExchangeDefender, we knew that the biggest user benefit will be a trusted cyber-security expert available as a part of the solution. ExchangeDefender redirects all links that pass through ExchangeDefender through our firewall, giving users that click on a suspicious link in their email more information about the suspicious site – for example, if you clicked on a link in an email from Bank of America and are actually going to a web site in Poland, it might be an issue. But who do you turn to when there is an issue?
ExchangeDefender Chief Security Officer is just a click away and so far we’ve handled over a thousand inquiries from our clients and partners. If you’re looking at a link and you cannot tell why we intercepted and flagged the content, just click on the yellow button and fill out a form.
Within 24 hours you’re guaranteed a response from our team. The turnaround average so far has been just 18 minutes!
What happens on the back-end is actually quite hands-on: first we investigate the original email and compare the context with the link target, location, etc. We then open the link in a sandbox (safe environment without additional network connectivity and no data) to see what sort of information the web site collects and attempts to send. We then rephrase it in a non-techie user-friendly way and help the client out.
We’ve been overwhelmed with both skepticism and compliments as a result – turns out most users do not expect a response and are pleasantly surprised when an actual human emails back with useful information. We’ve gotten compliments on our turnaround time, usefulness of information, saving the user from dangerous content, as well as thankful comments about the frustration that phishing in general creates – as we’ve been fine tuning xdref.com our users are seeing it less and less and when they do see it we are happy to help.
The overall value of the service cannot be overstated – we’ve saved our CIOs, partners, MSPs, IT guys and gals hundreds of hours in investigative work alone. We got our clients a security audit that allowed them to continue to work quickly. Not to mention about all the bad links that likely would have lead to a breach or security compromise – that the users and techs never had to deal with.
P.S. Included in ExchangeDefender Pro at no additional cost. If you’re still frustrating your clients with “training” programs/videos/whitepapers that SPAM filters catch and junk anyhow – stop wasting your clients time and money – ExchangeDefender Phishing Firewall is a better, more effective, more affordable solution.
ExchangeDefender Phishing Firewall has been a huge success in it’s initial roll out and I wanted to take a moment to bring you up to speed on our progress and our end goal: to eliminate phishing and spear phishing as a threat to our clients. I do not intend to mince words here, this is the #1 threat out there – 90% of all compromises and breeches start with a phishing email. Stopping it, as an email security company, is our #1 job and I’m happy to report that initial results are stunning.
Little bit of a rewind: Until now the most popular way to fight phishing and spear phishing was through “education” – there is an entire cottage industry of supposed “phishing education”, testing, refreshers – and it all revolves around training people to hover over links in Outlook, what not to click, what to read. It will not surprise you that such “training” is practically worthless, but they say that a picture is worth a thousand words so here is our phishing book:
In the 48 hours following 4th of July weekend in United States, dangerous links in the email were clicked on over 770,000 times.
Without ExchangeDefender Phishing Firewall, these links would have redirected our clients to dangerous sites that likely would have lead to a compromise or a security breach. So much for training.
What’s even more telling is that, even with our firewall in place, 164,000 people decided to proceed to a dangerous site anyhow.
If more than 1 out of 5 clicks in your email will take you somewhere dangerous, how well is your training performing?
With ExchangeDefender Phishing Firewall we are enabling companies to setup policies, restrict access, provide intelligence as the user clicks — and we provide logging giving you an idea who attempted to trash your organizations network.
The scary truth behind phishing is that training is only useful in blatantly apparent cases – the kind that will NEVER even get to your inbox. Our SPAM filtering detects dangerous email content and filters it out before it has a chance to get to your Inbox. The stuff that we can flag as dangerous – thanks to user reporting, audits, and look-ahead scanning is far more sophisticated than anything we could pack into a SPAM filter – and it gives your users real intelligence on what they are about to click on. You cannot expect users to remember all their training and to be a web security analyst – their job is acting on the email.
Our job, is making sure the emails get to them clean and free of dangerous malware. Once they click on the links in the email – we are going one step ahead – and leveraging our industry relationships (data feeds and infosec sharing of dangerous content) to make sure you know exactly what you’re clicking on.
Phishing is immensely profitable and far more effective than any other form of hacking – the user literally clicks and gives the hacker the keys to the network – and our ExchangeDefender Phishing Firewall helps remove the danger and reduces phishing to merely an annoyance.
The numbers speak for themselves.
ExchangeDefender Phishing Firewall continues to impress in terms of performance and user engagement – it’s catching dangerous content and keeping users safe from phishing attacks that often result in security compromises and breaches. Phishing accounts for over 90% of IT compromises, and as we’ve written before more than 1 out of 5 links our clients click on have lead them somewhere dangerous. With those numbers it’s clear to see why hackers are relying on phishing as the first and most effective form of attack – people will click on anything!!! And as intrusive as EPF seems to some (thank you for your feedback), our development team has been working overtime since the launch to make ExchangeDefender Phishing Firewall out of the way when it should be, and in your face when something dangerous shows up.
The goal of ExchangeDefender Phishing Firewall is to keep you safe from potentially dangerous sites and out of the way the rest of the time. You can keep up with our Dev fixes over at https://www.anythingdown.com and keep sending us your feedback. We love to hear it and we love improving the service so it can help keep you and your business safe. We also like to hear what you want us to add to the service that would make it more valuable. One such piece of feedback helped build a “Report Issue” feature:
If you click on something that you don’t recognize and you can’t tell what it is – DO NOT CLICK ON THE LINK – we are here for you. Our security concierge will open the link in an isolated virtual environment and see what kind of data is being sent back-and-forth. You will get a response, generally within minutes, with either a thumbs up or thumbs down. How cool is that?
Keep the suggestions coming, we love making ExchangeDefender Phishing Firewall the key part of your defense from phishing.
ExchangeDefender Phishing Firewall has had an outstanding first * X days * protecting our clients from phishing. While the roll-out of such a massive service is always going to be a challenge, we cannot be more thankful for our users and the relationship that has lead to tons of feedback, bug fixes, new features, and a meteoric rise in additional security that everyone enjoys.
Just as a reminder, ExchangeDefender Phishing Firewall is an always-on phishing protection for email and web. As someone emails you phishing content, in hopes that you’d click on it and give away credentials and download malware, ExchangeDefender both helps keep that email sanitized and quarantined so that it never gets to your Inbox to be clicked on. But that’s not a fool-proof process, nor is it realtime – a site that was safe when the email was sent could have just been hacked and dangerous content uploaded – but we’ve got you protected there too: when you click on any suspicious site in ExchangeDefender scanned messages you will be directed to our firewall site, instead of directly to the suspicious content. Once you’re there, you are further protected by your corporate policies, and you’re given additional information that helps you determine if the site is dangerous or not. Once you’re sure you can either whitelist or blacklist the site and you’ll never be interrupted again.
How cool is that? Well, it’s so cool that during just the first two (2) days of use, ExchangeDefender Phishing Firewall caught 770,000 clicks on suspicious sites that aren’t one of the top 5,000 Internet domains – and 164,000 requests proceeded to known dangerous stuff.
When you’re dealing with email and dangerous links, you need every bit of security and intelligence in your corner and ExchangeDefender Phishing Firewall delivers that:
It’s always on, always scanning your messages
There is nothing to configure, setup, install, or buy
It works on Outlook, Gmail, and any other email service
It protects you on your desktop, laptop, tablet, and anywhere else you click on links
It gives you a database of known dangerous/suspicious sites
It protects you by isolating patterns/data from ExchangeDefender’s reputation table
It secures you by leveraging data-sharing relationships we have with the worlds largest security vendors
It logs your activity so you can backtrack and identify dangerous activity
It gives your business ability to setup custom policies and block/allow access as needed
It gives you control over which sites to whitelist and blacklist so you’re not interrupted
It learns what you click on and how so you don’t have to manage a whitelist
Most importantly, it gives you access to our Chief Security Officer infrastructure where you can Report an Issue and have our team help evaluate a potentially dangerous link.
Not only are we doing everything to keep you safe and secure online, we’re literally available in person to assist when necessary. We know that every feature/block isn’t going to be loved by everyone, we know that every change can grind some folks the wrong way, we know that it’s not going to be perfect – but we’re in your corner, we’re here for you, and keep on sending us feedback so we can build this into a security service everyone loves as much as ExchangeDefender.
Thank you for your business and have a SAFE day on the Internets :slightly_smiling_face: